New stealthy Pumakit Linux rootkit malware spotted in the wild


Posted

From Bleeping Computer:

 

A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems.



The malware is a multi-component set that includes a dropper, memory-resident executables, a kernel module rootkit, and a shared object (SO) userland rootkit.

Elastic Security discovered Pumakit in a suspicious binary ('cron') upload on VirusTotal, dated September 4, 2024, and reported having no visibility into who uses it and what it targets.

Generally, these tools are used by advanced threat actors targeting critical infrastructure and enterprise systems for espionage, financial theft, and disruption operations.

 

More at the referenced topic.

  • Like 1
securitybreach
Posted

Well, going by history, this will be patched within a day or two on Linux.

  • Like 1
securitybreach
Posted

I just read that:

 

"it only works on kernels 5.7 or lower, even debian stable has a more recent kernel."

  • Like 1
